Our data center is certified ISO 27001, 27017, 27018. For more information see details from our hosting partner.
ISO 27001 is a widely recognized and internationally accepted information security standard that specifies security management best practices and comprehensive security controls following ISO 27002 best practices guidance.
ISO 27017 is a standard that provides additional guidance and implementation advice on information security aspects specific to cloud computing.
ISO 27018 establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with defined privacy principles for public cloud computing environments.
As a Norwegian company we are fully compliant with GDPR. You can find our policies regarding privacy and data processing in our terms of service. For a list of our subprocessors please contact us.
The General Data Protection Regulation (EU) 2016/679 (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA areas.
Security, Availability & Confidentiality Reports. For more information see details from our hosting partner.
SOC1 Type 2 is an independent examination of the IT General controls and controls around availability, confidentiality and security of customer data processed relevant for the financial reporting of customers.
The restricted to use SOC2 Type 2 report is an independent examination of the fairness of presentation and the suitability of the design of controls relevant to security, availability and confidentiality of the customer data processed.
The general use SOC3 report is an independent examination of the fairness of presentation and the suitability of the design of controls relevant to security, availability and confidentiality of the customer data processed.
MakePlans does not store any credit card details but rely on certified partners for safe transmission and storage.
PCI DSS is the global security standard for all entities that store, process, or transmit cardholder data and/or sensitive authentication data
MakePlans treats security as a top priority. Our access granting process is designed to follow the principle of least privilege and we authenticate using SSO with hardware tokens as a mandatory second factor.
We standardize on macOS devices. All devices are encrypted, and secure device configuration is enforced.
We use a pull-request based approach with code reviews and CI/CD pipelines. Every change is tested with automated tests, dependencies are checked for known vulnerabilities, and the code is scanned for security issues.
Our infrastructure is hosted on AWS, which maintains internationally recognized compliance certifications (including ISO 27001 and SOC 2). They maintain industry-leading security practices and provide best-in-class environmental and physical protection for the services and infrastructure. Learn more about AWS security on their Cloud Security page.
All data is encrypted at rest and in transit. We regularly scan our TLS configuration and ensure that our services only allow HTTPS traffic with HSTS enabled.
Non-production environments are separated from production, both in terms of network and access control. Production data is never used for testing purposes.
We make sure to collect logs from our services to ensure proper auditing without logging sensitive data.
Our infrastructure is designed for high availability. Data is backed up to multiple locations for at least 30 days, and we have disaster recovery plans that are tested regularly.
We perform due diligence on all data processors and minimize the number of third parties involved. A list of our subprocessors is available.
MakePlans has a small, highly technical team that treats security as a top priority. Employees sign an NDA, follow security policies and participate in role-specific internal security training.
We have established procedures for responding to security and privacy incidents related to our products and services. We publish a point of contact for security researchers.
We conduct regular risk assessments and internal evaluations of our information security management system, our infrastructure, and all internal processes.
If you believe you have found a security vulnerability in MakePlans, or have any other security concerns, please see information about bug bounty or contact us at hello@makeplans.com.
Testa gratis, inga dolda avgifter eller bindningstider.
Pris per månad.
Nedgradera eller avsluta och exportera dina data när som helst.
Du är igång på 45 sekunder och
det är ingen bindningstid.
Kom igång nu